add tests and simplify Glob
decyjphr committed Aug 30, 2024
1 parent 9bb97bf commit b4b1714
Showing 2 changed files with 96 additions and 9 deletions.
27 changes: 18 additions & 9 deletions lib/glob.js
@@ -1,31 +1,40 @@
const _ = require('lodash')
class Glob {
constructor (glob) {
this.glob = this.sanitize(glob)
this.glob = glob
this.lodashText = _.escapeRegExp(glob)

// If not a glob pattern then just match the string.
if (!this.glob.includes('*')) {
this.regexp = new RegExp(`.*${this.glob}.*`, 'u')

Check failure

Code scanning / CodeQL

Regular expression injection High

This regular expression is constructed from a
environment variable
.
return
}

this.regexp = new RegExp(`^${this.glob}$`, 'u')
this.regexptText = this.globize(this.glob)
this.regexp = new RegExp(`^${this.regexptText}$`, 'u')

Check failure

Code scanning / CodeQL

Regular expression injection High

This regular expression is constructed from a
environment variable
.
}

sanitize (glob) {
globize (glob) {
return glob
.replace(/\\/g, '\\\\')
.replace(/\//g, '\\/')
.replace(/\?/g, '([^\\/])')
.replace(/\./g, '\\.')
.replace(/\\/g, '\\\\') // escape backslashes
.replace(/\//g, '\\/') // escape forward slashes
.replace(/\./g, '\\.') // escape periods
.replace(/\?/g, '([^\\/])') // match any single character except /
.replace(/\*\*/g, '.+') // match any character except /, including /
.replace(/\*/g, '([^\\/]*)') // match any character except /
}

sanitize2 (glob) {
return _.escapeRegExp(glob
.replace(/\*\*/g, '.+')
.replace(/\*/g, '([^\\/]*)')
.replace(/\*/g, '([^\\/]*)'))
}

toString () {
return this.glob
}

[Symbol.search] (s) {
console.log(`blob: ${this.glob} lodashText: ${this.lodashText} regexpText: ${this.regexptText} regexp: ${this.regexp} s: ${s}`)
return s.search(this.regexp)
}

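Review bot: The no-wildcard branch still interpolates the raw pattern into the RegExp (`this.regexp = new RegExp(`.*${this.glob}.*`, 'u')`), which is the injection CodeQL reports, while `this.lodashText = _.escapeRegExp(glob)` is computed and never used; the branch should read `this.regexp = new RegExp(`.*${this.lodashText}.*`, 'u')`, which keeps the substring semantics but treats `+`, `(`, `|` and friends in a pattern literally. In the wildcard path, `globize` escapes only `\`, `/` and `.`, so bracket expressions such as the `[0-9]` the tests rely on still work but so does any other regex syntax an operator writes into a pattern; if that is intended, a comment on `globize` saying so would stop the next reader from "fixing" it, and the `**` comment should read `// match any run of characters, including /` since `.+` does cross slashes. `sanitize2` is not referenced anywhere visible and the `console.log` in `[Symbol.search]` prints every pattern and searched string on each call, so both look like leftovers from debugging that should be dropped before merge.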
78 changes: 78 additions & 0 deletions test/unit/lib/glob.test.ts
@@ -0,0 +1,78 @@
const Glob = require('../../../lib/Glob')

describe('glob test', function () {

test('Test Glob **', () => {
let pattern = new Glob('**/xss')
let str = 'test/web/xss'
expect(str.search(pattern)>=0).toBeTruthy()
str = 'test/web/xsssss'
expect(str.search(pattern)>=0).toBeFalsy()

pattern = new Glob('**/*.txt')
str = 'sub/3.txt'
expect(str.search(pattern)>=0).toBeTruthy()
str = '/sub1/sub2/sub3/3.txt'
expect(str.search(pattern)>=0).toBeTruthy()

pattern = new Glob('**/csrf-protection-disabled')
str = 'java/csrf-protection-disabled'
expect(str.search(pattern)>=0).toBeTruthy()
str = '/java/test/csrf-protection-disabled'
expect(str.search(pattern)>=0).toBeTruthy()
})

test('Test Glob *', () => {
let str = 'web/xss'
let pattern = new Glob('*/xss')
expect(str.search(pattern)>=0).toBeTruthy()

pattern = new Glob('./[0-9].*')
str = './1.gif'
expect(str.search(pattern)>=0).toBeTruthy()
str = './2.gif'
expect(str.search(pattern)>=0).toBeTruthy()
str = './2.'
expect(str.search(pattern)>=0).toBeTruthy()

pattern = new Glob('*/csrf-protection-disabled')
str = 'java/csrf-protection-disabled'
expect(str.search(pattern)>=0).toBeTruthy()
str = 'rb/csrf-protection-disabled'
expect(str.search(pattern)>=0).toBeTruthy()

pattern = new Glob('*/hardcoded-credential*')
str = 'java/csrf-protection-disabled'
expect(str.search(pattern)>=0).toBeFalsy()
str = 'rb/csrf-protection-disabled'
expect(str.search(pattern)>=0).toBeFalsy()
str = 'cs/hardcoded-credentials'
expect(str.search(pattern)>=0).toBeTruthy()
str = 'java/hardcoded-credential-api-call'
expect(str.search(pattern)>=0).toBeTruthy()

})

test('Test Glob no *', () => {
let pattern = new Glob('csrf-protection-disabled')
let str = 'java/hardcoded-credential-api-call'
expect(str.search(pattern)>=0).toBeFalsy()
str = 'cs/test/hardcoded-credentials'
expect(str.search(pattern)>=0).toBeFalsy()
str = 'rb/csrf-protection-disabled'
expect(str.search(pattern)>=0).toBeTruthy()
str = 'java/csrf-protection-disabled'
expect(str.search(pattern)>=0).toBeTruthy()

pattern = new Glob('csrf')
str = 'java/hardcoded-credential-api-call'
expect(str.search(pattern)>=0).toBeFalsy()
str = 'cs/test/hardcoded-credentials'
expect(str.search(pattern)>=0).toBeFalsy()
str = 'rb/csrf-protection-disabled'
expect(str.search(pattern)>=0).toBeTruthy()
str = 'java/csrf-protection-disabled'
expect(str.search(pattern)>=0).toBeTruthy()
})

})
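Review bot: The import at the top of the test uses `require('../../../lib/Glob')` while the module under test is `lib/glob.js` (lower-case, as the file header above shows), so the suite resolves on a case-insensitive filesystem but fails with a module-not-found error on Linux CI; it should be `const Glob = require('../../../lib/Glob'.toLowerCase())` in spirit, i.e. `const Glob = require('../../../lib/glob')`. The "no *" cases only use patterns made of letters and hyphens, so they would not catch the unescaped interpolation in the non-glob branch of `lib/glob.js`; a case such as `new Glob('c++')` against `'lang/c++'` expecting a match and against `'lang/ccc'` expecting no match would pin the escaping. Since this is a `.ts` file, `let pattern`/`let str` without types and `require` instead of `import` will be flagged by any strict TypeScript config the repo may have.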
